andre_st
asked on
Which owner, and permission settings for apache and FTP setup? (Linux)
I have setup a LAMP, and I am confused about which permissions to use. From what I've read it is often mentioned that files on the web server should be owned by www-data:www-data, as that is the account Apache runs on.
So now my current setting for all web server files are:
-rwxrwxr-x www-data : www-data
The account I log in to FTP is called admin, and is a member of the www-data group. (I’ve read that due to security, it is not possible to log in as www-data)
The problem I have is that I often need to delete files, and copy old files (restoring backup) to the web server through FTP. This means that the files I am uploading to the server will be owned by “admin”, and get default permission as “-rw-r- -r- -“. It isn’t very practical to need to run chown / chmod command every time I load something up. And will it matter if the files are being owned by admin, instead of www-data? As long as www-data is the owner group, wouldn’t that be sufficient for Apache?
What is best practice when it comes to this kind of scenario? Is it possible to automatically make the system apply the wanted ownership/permission to every file that is uploaded to the webserver? Or should I use some other permission settings?
So now my current setting for all web server files are:
-rwxrwxr-x www-data : www-data
The account I log in to FTP is called admin, and is a member of the www-data group. (I’ve read that due to security, it is not possible to log in as www-data)
The problem I have is that I often need to delete files, and copy old files (restoring backup) to the web server through FTP. This means that the files I am uploading to the server will be owned by “admin”, and get default permission as “-rw-r- -r- -“. It isn’t very practical to need to run chown / chmod command every time I load something up. And will it matter if the files are being owned by admin, instead of www-data? As long as www-data is the owner group, wouldn’t that be sufficient for Apache?
What is best practice when it comes to this kind of scenario? Is it possible to automatically make the system apply the wanted ownership/permission to every file that is uploaded to the webserver? Or should I use some other permission settings?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ohh, and it's worth mentioning that I am running WordPress. Which means that users can upload different media files to the web server. I assume that requires Apache (www-data) to have write access, and that all uploaded files, will therefore be owned by www-data?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oops, I meant "That being, said I know it is annoying but I would not suggest using www-data/www-data" to read, I WOULD SUGGEST, darn annoying small tiny miniscule laptop keyboard!
<facepalm>
Regards,
Michael
E-Mail: mreith@gmail.com
Blogsite: http://technobloggings.blogspot.com
Twitter: http://www.twitter.com/therealmreith
YouTube: http://www.youtube.com/technoblob (work in progress, visit back for updates and our premiere!)
<facepalm>
Regards,
Michael
E-Mail: mreith@gmail.com
Blogsite: http://technobloggings.blogspot.com
Twitter: http://www.twitter.com/therealmreith
YouTube: http://www.youtube.com/technoblob (work in progress, visit back for updates and our premiere!)
ASKER
Ok guys! Thanks for your help! I've applied the ownership as www-data:www-data, and directories to 0755 and files to 0644.
ASKER
Excuse my confusion, but I thought that the apache server needs execution permission for the web content, as it is in php-code. Is it enough to just have 0644 on the files, if apache is not the owner of the files?
Or does 0755 on the directories mean that the apache has permission to execute the files in the folder - even if the files are set to 0644...?